Phishing

What is Phishing?

Phishing is often associated with emails sent to a user, sending them to a fake web site that mimics the look and feel of legitimate business website; often a bank, a credit card company or an online shop. It’s even been done to mimic airline booking sites.

However, the emailing is just the beginning of the phishing process. Phishing is a process that involves planning, setting up, attacking and collecting data, with the result being identity theft and fraud.

When a person enters information into a fake web site; for example, a company’s credit card details, name and address etc is now gathered by the attackers and may be used for several illegal activities online.

Often this involves simple online purchases and transactions made through different addresses, but in more serious cases it will involve identity theft and fraud.

Top Phishing Statistics

1. In 2021, 83% of organizations reported experiencing phishing attacks.
2. In 2022, an additional six billion phishing attacks are expected to occur.
3. Last year, roughly 214,345 unique phishing websites were identified, and the number of recent phishing attacks has doubled since early 2020.
4. According to new survey data, companies are now experiencing an average of 1,185 attacks every month, with 38% of respondents reporting that a coworker fell victim to an attack within the last year.

Here are some ways to deal with the threat of phishing:

1. Security Awareness Training and Phishing Simulation Email Campaigns 

To protect your business from phishing, CommSec managed IT security services provide you with anti-phishing hardware and software, which are designed to prevent phishing attacks because they can detect a fraudulent email or website even when users fail to do so. They protect your business by not allowing access to spurious emails and website links.

2. SOC as a Service

Our MSOC+ service is designed to give you the means to detect a phishing incident and sets out the processes for how we respond to the incident as fast as possible and to minimise the potential damage caused.

However, no IT security products are fool proof-user training and security awareness is still the best protection against phishing.

3. Advanced Email Solutions

Often Secure Email Gateways (SEGs) use filters to detect malicious or fake web domains as a first layer of protection from phishing. Some Email security solutions include functions like link checking and validation in sandboxes to avoid users being served with malicious urls contained inside emails but even these urls can be masked and redirected. New generation email security solutions are using AI and machine learning to spot what is a spoofing email and what is a legit email.